Primary Group SID
Andrew Bartlett
abartlet at samba.org
Sat Feb 14 21:57:04 GMT 2004
On Sun, 2004-02-15 at 01:41, Bostjan Golob wrote:
> Attached is a patched patch that first checks if it can get the
> gidNumber from LDAP. If not, it goes through getpwnam() to acquire the
> primary gid number.
Except that this isn't quite how you have it. Before we can read
gidNumber, we should determine that we have a posixAccount. Basically,
we need to retrieve the old 'ldap trust ids' code, and use it. I think
this got lost in the IDMAP removal, before 3.0 shipped.
(Grab an old CVS copy of pdb_ldap, and see how it was done).
> If primary GID->SID translation is too expensive for init_sam_from_ldap,
> I can patch get_domain_user_groups from rpc_server/srv_util.c to do it
> instead when enumerating the user's groups. It will require a getpwnam()
> call though, and I don't know how much code checks the primary group SID
> only.
No, this belongs in the backend. There is also some stuff about the
smb.conf substitution code that would benefit from this information - we
lost %u and %g support when we lost the posix info.
Jerry is also going to need to look at this, as he pulled most of this
out, and I need to know what was IDMAP murder, and what was due to other
things.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
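
The ordering discussed in this message (confirm the entry is a posixAccount before trusting gidNumber, otherwise fall back to a getpwnam() lookup), as an added C example that is not part of the original message and not Samba's code. `struct entry` and every function name here are hypothetical, and `stub_gid` is a constructed stand-in for the passwd lookup.

```c
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/types.h>

/* Hypothetical flattened view of one LDAP entry; not Samba's own types. */
struct entry {
    const char *uid;             /* account name */
    const char **object_classes; /* NULL-terminated list of objectClass values */
    const char *gid_number;      /* raw gidNumber value, or NULL if absent */
};
typedef int (*gid_lookup_fn)(const char *name, gid_t *gid);

/* objectClass names compare case-insensitively in LDAP. */
static int has_class(const struct entry *e, const char *wanted) {
    for (const char **c = e->object_classes; c && *c; c++)
        if (strcasecmp(*c, wanted) == 0) return 1;
    return 0;
}

/* Strict decimal parse: rejects NULL, empty, signs, trailing junk, overflow
 * and the reserved (gid_t)-1 value. *gid is written only on success. */
static int parse_gid(const char *s, gid_t *gid) {
    char *end;
    if (!s || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v >= 0xFFFFFFFFUL) return -1;
    *gid = (gid_t)v;
    return 0;
}

/* Fallback through the system passwd database (the getpwnam() path). */
int nss_gid(const char *name, gid_t *gid) {
    struct passwd *pw = getpwnam(name);
    if (pw) *gid = pw->pw_gid;
    return pw ? 0 : -1;
}

/* Constructed stand-in for nss_gid so the logic can be checked offline. */
int stub_gid(const char *name, gid_t *gid) {
    if (strcmp(name, "alice") != 0) return -1;
    *gid = 1000;
    return 0;
}
/* Returns 0 on success; *from_ldap reports whether gidNumber was trusted. */
int primary_gid(const struct entry *e, gid_lookup_fn fb, gid_t *gid, int *from_ldap) {
    *from_ldap = has_class(e, "posixAccount") && parse_gid(e->gid_number, gid) == 0;
    return *from_ldap ? 0 : (fb ? fb(e->uid, gid) : -1);
}
```

A gidNumber on an entry without posixAccount is ignored rather than trusted, so a stray or malformed attribute cannot decide the primary group on its own.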